Edit: to be fair the variable proj_id sounds like it's not taken from untrusted input, but nevertheless a bad idea.
Edit: to be fair the variable proj_id sounds like it's not taken from untrusted input, but nevertheless a bad idea.